In many applications, it is desirable for one computer, server, mobile telephone, radio-frequency identification (RFID) tag or other type of cryptographic device to pair with, authenticate or otherwise share secrets with another cryptographic device. Unfortunately, such arrangements can be problematic when carried out using existing techniques.
RFID is a catchall term for a range of technologies that perform short-to-medium range wireless communication, typically between a well-resourced reader and a highly constrained device referred to as a tag. Near-field communication (NFC) is a specialization of RFID directed to a particular set of radio frequencies and protocol standards, and is designed for near-contact communication. NFC is also an extension of RFID that permits reader-to-reader networking.
Mobile devices, particularly handsets, are increasingly outfitted with NFC readers. Objectives for the inclusion of NFC readers on such devices include permitting such devices to act as contactless payment devices, ticketing devices, interactive posters, etc. Also, as tags are compact and easily carried by users, they are becoming attractive as factors for the release of credentials on mobile devices. For instance, consider the following example.
A user, referred to in this example as Alice, runs a software-based password authentication product on her mobile handset. She also keeps an NFC tag attached to a monitor on the desk of her office. Rather than typing her personal identification number (PIN) into her mobile handset to authenticate using the password authentication product, she physically taps her phone against the NFC tag. When she does so, her PIN is automatically instantiated in the software-based password authentication product on her mobile handset.
Special-purpose, cryptographically enabled tags can be designed to support this mode of use. However, conventional or general-purpose tags, both with and without cryptography, cannot accomplish such objectives. Accordingly, a need exists to provide capabilities for storing a key on a conventional or general-purpose tag that can serve to decrypt a credential on a mobile device.